Russia has overtaken the United States as the world’s top source of spam, according to new Kaspersky research.

For the first time in four years, the United States is no longer the world’s top producer of email spam. Russia and Germany both overtook the United States and China. They previously were first and second place, respectively, according to the Kaspersky research.

Russia produced more than 21% of all spam in 2020, followed by Germany at 11%, the United States at 10.5% and China at 6.2%.

Overall, spam accounted for one-half of all email traffic, down about 6% from 2019.

Kaspersky detected more than 185 million malicious attachments. Online stores were the most frequent targets of phishing attacks.

2 Attack Trends

Tatyana Kulikova is web content analyst at Kaspersky.

“This year, it’s noteworthy that we saw an increase in attacks against the corporate sector, as well as the use of COVID-19 in fraud schemes, attacks aimed at spreading malware, and in spam mailings to make them more effective,” she said.

These two trends have undoubtedly left their mark on the nature of cybercriminals’ attacks, Kulikova said.

“Fraudulent sites that appeared to sell various items for protection against the virus popped up,” she said. “Spam mailings have been using this theme to draw attention to advertised products. Malicious links using the pandemic as a lure were also popular — and have more serious consequences. The switch to remote work led to an increase in attacks on the corporate sector, as many employees, working from home, were not able to use resources that were secured by their companies, which made them and these resources more vulnerable.”

Furthermore, scammers have been employing new tactics. They’re increasingly asking users to call them, rather than follow a link. The scammers will imitate companies like Amazon or PayPal. They’ll tell the recipient to call support to confirm orders or resolve technical issues. The tactic aims to get users to let their guard down and verbally provide their usernames and passwords.

“Be wary of messages that come from unknown authors,” Kulikova said. “Never click on any links or open any attachments from such emails. Before performing any actions on a site, verify the address in the address bar and its reputation. If the site is not reliable by any criteria or raises suspicions, you should, under no circumstances, conduct any payment transactions.”

Be particularly careful when it comes to pages and emails that mention COVID-19, she said.

“Even if the pandemic subsides, attackers will still speculate on the matter and the [corona]virus for a while,” Kulikova said. “It’s very important to periodically conduct classes on computer safety for company employees. Also, use reliable security solutions for personal computers and corporate networks.”